package top.luoqiz.jenkins.config.oauth2;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * Spring Security 中的ResourceServerConfigurerAdapter配置会覆盖WebSecurityConfigurerAdapter
 * protected void configure(HttpSecurity http) 中的配置会以ResourceServerConfigurerAdapter为准
 *
 * @author chenzhiling
 */
@Configuration
@EnableResourceServer
public class CustomResServerConfiguration extends ResourceServerConfigurerAdapter {

    private static final String RESOURCE_ID = "storicid";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID).stateless(true);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests((requests) ->
                requests.antMatchers(
                        "/",
                        "/login",
                        "/jenkins/code",
                        "/oauth/**",
                        "/v2/api-docs",
                        "/configuration/**",
                        "/swagger*/**",
                        "/webjars/**", "/**/*.js", "/**/*.css", "/**/*.png"
                ).permitAll());


        http.antMatcher("/oauth").authorizeRequests().anyRequest().permitAll().and().formLogin(Customizer.withDefaults());
//        http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
//        http.authorizeRequests((request) -> request.antMatchers("/oauth").permitAll().anyRequest().authenticated())
//                .formLogin(Customizer.withDefaults());
//        http
//                .authorizeRequests()
//                .antMatchers("/admin/**")
//                .access("#oauth2.hasScope('read')")
//                .antMatchers("/admin/**")
//                .hasAnyAuthority("ROLE_ADMIN")
;
    }
}